ATTENTION: 2016 Feburary NEW 70-417 Dumps covers ALL NEW 70-417 NEW Questions need to be paid more ATTENTION!

2016 Feburary NEW 70-417 Questions and Answers Share:

QUESTION 601Server1 download update from microsoft update.You have Server2 that must syncronize update from Server1.Have firewall separate between Server1 and Server2.Which port should to open on Server2 to syncronize ?

A. 80B. 443C. 3389D. 8530

Answer: D

QUESTION 602How to create or remove service account?

A. Add-ADComputerServiceAccountB. New-ADGroup

Answer: AExplanation:To create a new managed service accountAdd-ADComputerServiceAccountCreating and using managed service accountsThe following procedures can be used to create and administer managed service accounts.To import the Active Directory module for Windows PowerShellClick Start, click All Programs, click Windows PowerShell 2.0, and then click the Windows PowerShell icon.Run the following command: Import-Module ActiveDirectory.To create a new managed service accountOn the domain controller, click Start, and then click Run. In the Open box, type dsa.msc, and then click OK to open the Active Directory Users and Computers snap-in. Confirm that the Managed Service Account container exists.Click Start, click All Programs, click Windows PowerShell 2.0, and then click the Windows PowerShell icon.Run the following command: New-ADServiceAccount [-SAMAccountName <String>] [-Path <String>].Associate the new MSA to the computer account by running the following command: Add-ADComputerServiceAccount [-Identity] <ADComputer> <ADServiceAccount[]>See Add-ADComputerServiceAccount for the complete syntax.https://technet.microsoft.com/en-us/library/dd548356(v=ws.10).aspx

QUESTION 603You configure server1 for ssl for all wsus metadata by using a CA. Server2 must sync from server1.

Answer: DExplanation:Note, template command WSUSUtil.exe configuressl <Intranet FQDN of the site system server>.

QUESTION 604You have a server named Server1.You enable BitLocker Drive Encryption (BitLocker) on Server1. You need to change the password for the Trusted Platform Module (TPM) chip.What should you run on Server1?

QUESTION 605You deploy a Windows Server Update Services (WSUS) server named Server01.You plan to use a Group Policy object (GPO) to configure all client computers to use Server01 as a Microsoft update server and assign the client computers to computer groups.You need to ensure that the computer are assigned to the correct computer groups automatically when the GPO is deployed.Which two actions should you platform before you deploy the GPO? Each correct answer presents parts of solution.

A. From Windows PowerShell, run the Approve-WSUSUpdate cmdlet.B. From Windows PowerShell, run the Add-WSUSUpdate cmdlet.C. From the Update Service console, manually create the computer groups.D. From the Update Service console, modify the Computers option.E. From the Update Service console, modify the Products and Classifications options.

Answer: AC

QUESTION 606Your Network contains oneActive Directory domain named contoso.com.You pilot DirectAccess on the network.During the pilot deployment, you enable DirectAccess only for a group Contoso\Test Computers.Ones the pilot is complete, you need to enable DirectAccess for all the client computers in the domain.What should you do?

A. From Group Policy Management, modify the security filtering of an object named Direct Access Server Setting Group Policy.B. From Active Directory Users and Computers, modify the membership of the Windows Authorization Access Group.C. From Group Policy Management, modify the security filtering of an object named Direct Access Client Setting Group Policy.D. From Remote Access Management Console, run the remote access Server Setup wizard.

QUESTION 607Your Network contains oneActive Directory domain named contoso.com.You pilot DirectAccess on the network.During the pilot deployment, you enable DirectAccess only for a group Contoso\Test Computers.Ones the pilot is complete, you need to enable DirectAccess for all the client computers in the domain.What should you do?

A. From Windows PowerShell, run the Ser-DAServer cmdlet.B. From Remote Access Management Console, run the remote access Server Setup wizard.C. From Group Policy Management, modify the security filtering of an object named Direct Access Server Setting Group PolicyD. From Group Policy Management, modify the security filtering of an object named Direct Access Client Setting Group Policy.

Answer: D

QUESTION 608Your Network contains oneActive Directory domain named contoso.com.You pilot DirectAccess on the network.During the pilot deployment, you enable DirectAccess only for a group Contoso\Test Computers.Ones the pilot is complete, you need to enable DirectAccess for all the client computers in the domain.What should you do?

A. From Windows PowerShell, run the Ser-DAClient cmdlet.B. From Windows PowerShell, run the Ser-DirectAccess cmdlet.C. From Active Directory Users and Computers, modify the membership of the Windows Authorization Access Group.D. From Group Policy Management, modify the security filtering of an object named Direct Access Client Setting Group Policy.

QUESTION 609Your network contains an Active Directory domain named contoso.com.All user accounts reside in an organizational unit (OU) named OU1. All of the users in the marketing department are members of a group named Marketing. All of the users in the human resources department are members of a group named HR.You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preferences of GPO1 to add two shortcuts named Link1 and Link2 to the desktop of each user.You need to ensure that Link1 only appears on the desktop of client computers that have more than 80 GB of free disk space and Link2 only appears on the desktop of client computers that have less than 80 GB of free disk space.What should you configure?

QUESTION 610Drag and Drop QuestionYou have a group Managed Service Account named Account01. Only tree servers named Server01, Server02 and Server03 allowed to use the Account01 service account.You plan to decommission Server01.You need to prevent Server01 from using the Account01 service account. The solution must be ensure that Server02 and Server03 continue to use the Account01 service account.What command should you run?Drop DownRemove-ADServiceAccountReset-ADServiceAccountSet- ADServiceAccountAccount01>>-DNSHomeName-PrincipalsAllowedToRetrieveManagedPassword-SAMAccountName-Server>>>Server01Server01$Server02, Server 03Server02$, Server03$Answer: Set- ADServiceAccount-PrincipalsAllowedToRetrieveManagedPassword Server02$, Server03$

QUESTION 611Your Network contains an Active Directory domain named contoso.com.All domain controllers run Windows Server 2012 R2.A central store is configured on the domain controller named DC1.You have a custom administrative template file name App1.admx. App1.admx contains application setting for an application App1.You copy App1.admx to the central store. You create a Group Policy object (GPO) name App1_Setting.When you edit App1_Settings, you receive the warning massage show in following…>>Exhibit>>An appropriate recource file could not be found for file \\contoso.com\SysVol\contoso.com\PoliciesDefinations\App1.admx (error =2): The system cannot find the file specified.You need to ensure that you can edit the settings for App1_Settings GPO.What should you do?

A. Copy an ADML file to the central store.B. Move the ADMX file to the local PolicyDefinations Folder.C. Modify the permission of the ADMX File.D. Add an Administrative Template to the App1_Settings GPO.

Answer: A

QUESTION 612Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. You have a Password Settings object (PSOs) named PSO1.You need to view the settings of PSO1.Which tool should you use?

Answer: BExplanation:The Get-ADFineGrainedPasswordPolicy cmdlet gets a fine grained password policy or performs a search to retrieve multiple fine grained password policies.Note:* In Windows Server 2008 (and later), you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain. For example, to increase the security of privileged accounts, you can apply stricter settings to the privileged accounts and then apply less strict settings to the accounts of other users. Or in some cases, you may want to apply a special password policy for accounts whose passwords are synchronized with other data sources.